The connections to the backend servers on a NetScaler appliance fail when it is configured in Direct Server Return (DSR) mode. The services that fail are configured to utilize only one or more of the following monitors:

• CITRIX-WI-EXTENDED

• FTP

• LDAP

• MYSQL

• NNTP

• POP3

• RADIUS

• SMTP

• SNMP

• USER (Custom Perl Script)

In addition to the script-based monitor(s), bind a kernel-based monitor such as PING or TCP, to the service with a longer interval between probes than that of the script-based monitors.

---

Problem Cause

In a DSR configuration, the NetScaler appliance does not replace the load balancing virtual server IP address with the destination server IP address. Instead, the appliance forwards the packets to a service by using the server MAC address, which the appliance obtains from the monitor bound to the service.

However, monitors which use scripts stored on the NetScaler appliance, do not learn the MAC address of the server. If you use only script-based monitors in a DSR configuration for each request the virtual server receives, then the appliance attempts to resolve the destination IP address to a MAC address by sending ARP requests. Because the destination IP address is a virtual IP address configured on the NetScaler appliance, the ARP requests always resolve to the MAC address of the NetScaler interface. Consequently, all traffic received by the virtual server is looped back to the appliance.

The connections to the backend servers on a NetScaler appliance fail when it is configured in Direct Server Return (DSR) mode with specific monitors. This article contains information about this issue.

Configuring Load Balancing in Direct Server Return Mode

CTX110501 - How to Configure the Direct Server Return on a NetScaler Appliance